Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts


(February 2011) Posts

The Ransomway

Posted: 24 Feb 2011 10:36 PM | Ivan Sabo | no comments

There are always different ways to make money. Cybercriminals know it, and their imagination is unlimited as far as we can tell. Sometimes they lure users into downloading a rogue AV as a treatment for an “infected computer”; other times they literally extort users into paying to get their own data or computer access back. Let's have a look at the infamous malware called ransomware.

In general we can divide this sort of malware into three separate categories:

  1. file encrypters

  2. system lockers

  3. application lockers

Even though their application varies, the aim is always the same. The victim has to pay, otherwise the data/access will be lost forever.

...


A refreshing change to our .ORG site: it's now serving spam

Posted: 22 Feb 2011 06:57 AM | Ran Mosessco | no comments


Websense Security Labs™ gets to see a lot of large email spam campaigns that come through our ThreatSeeker™ Network. However, what's nice is that not only do we get to analyze and protect against the larger campaigns, we can also notice smaller campaigns or oddball variants.

A few days ago, we came across this interesting piece of email. Although small, it's interesting to see the crossover of malicious-style compromises into the spam world. It also highlights the business model the spammers are going by... or perhaps it points to something more dangerous (more on that later).

Websense customers are protected with our Advanced Classification Engine analytics, our suite of technologies within TRITON.

The process starts with an email having a subject line like "The refreshed site of our company". The email message thanks the recipient for assisting them (the company) in solving a problem they had on their website, and urges the user to open it.

...


Multi-Dimensional Reputation shown with ThreatSeeker

Posted: 17 Feb 2011 05:43 PM | Chris Astacio | no comments


Here at Websense Security Labs™ we see multiple incidents daily which come to us via our ThreatSeeker™ Network. With all of our sources coming into one central area, it can be overwhelming to connect the dots and realize the context of where an incident is coming from and how it's being used. In this blog post we hope to convey how we are able to handle so much data with one view and provide a peek at the benefits of some of our automated systems used to provide information on all of our data on a daily basis. For our example in this blog post we will take an incident reported from our Defensio data: we'll have a look at a URL which Defensio found in a posting that was deemed spam.

...


Beware of Embedded Spyware of Mobile Apps

Posted: 16 Feb 2011 03:06 AM | Tim Xia | no comments


We have seen quite a few stories about embedding spyware or malware into popular software which careless users can easily download to their PCs. Embedding is a common tactic used to spread malware, as it can easily be distributed through self-extracting packages that can be imported to multiple platforms like mobile devices. Mobile users typically have less control of their devices compared to PC users; therefore more care should be taken when installing applications onto mobile devices.

...


BBC - 6 Music and 1xtra Web site Injected With Malicious iFrame

Posted: 15 Feb 2011 04:03 PM | Carl Leonard | 3 comment(s)


The BBC - 6 Music Web site has been injected with a malicious iframe, as have areas of the BBC 1Xtra radio station Web site.  At the time of writing this blog, the sites are still linking to an injected iframe.

Websense customers are protected with our Advanced Classification Engine analytics, our suite of technologies within TRITON.

...


Night Dragon

Posted: 13 Feb 2011 01:04 AM | Patrik Runald | no comments


Over the past few days there has been a lot of talk and media reports about an attack named Night Dragon. Night Dragon targets U.S. oil, gas, and petrochemical companies. It steals proprietary and confidential information from executives by using a combination of social engineering, Remote Access Trojans (RATs), and SQL injection attacks to gain access to external and internal hosts inside companies.

...


Raising Awareness of Cyber Threats - The Debate

Posted: 10 Feb 2011 01:32 PM | Carl Leonard | no comments


Last night I had the privilege of participating in a panel discussion at the Frontline Club in London, UK.  The topic for discussion was 'Will the Internet be the battleground of the 21st century?'.

The discussion covered recent examples of Advanced Persistent Threats and the importance of informed security-focused decision-making.  We looked at the topic from different angles: from the strategic viewpoint – how organizations should best prepare themselves to mitigate the effects of a breach of their network, and from a personal viewpoint – looking at the impact of cyber crime on individuals.

...
